using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

/// <summary>
/// Summary description for checkUser
/// </summary>
public class  bzCheckAdminUser
{
    public static int View = 1;
    public static int Type = 2;
    public static int Edit = 3;
    public static int Delete = 4;
    private static dbConnection _DB = new dbConnection();
    public static bool currentLogin(string strUserName, string strIP, string LoginID)
    {
        SqlParameter[] p = new SqlParameter[3];
        p[0] = new SqlParameter("@AdminUser", strUserName.Trim());
        p[1] = new SqlParameter("@IP", strIP.Trim());
        p[2] = new SqlParameter("@LoginID", LoginID);
        DataTable dt = _DB.getDataTable("SP_checkCurrentAdminUser", p);
        if (dt.Rows.Count > 0)
        {
            TimeSpan t = DateTime.Now - Convert.ToDateTime(dt.Rows[0]["LoginTime"]);
            if (t.TotalSeconds <= Convert.ToInt64(new bzSiteOption(bzSiteOption.Group.Administrator,"General").SiteOption["LoginTime"].ToString()))
            {
                SqlParameter[] sp = new SqlParameter[3];
                sp[0] = new SqlParameter("@UserName", strUserName);
                sp[1] = new SqlParameter("@IP", strIP);
                sp[2] = new SqlParameter("@LoginID", LoginID);
                if (_DB.updateData("SP_updateAdminUser_IP", sp) > 0) return true;
            }
        }
        return false;
    }
    public static bool checkAdmin(string sUserName, string sAdminLevel, string sIP, string sLoginID,string sGroupName)
    { 
        SqlParameter[] p=new SqlParameter[4];
        p[0] = new SqlParameter("@AdminUser", sUserName);
        p[1] = new SqlParameter("@Code", bzStringClass.MD5(sGroupName.ToLower()+sAdminLevel));
        p[2] = new SqlParameter("@IP", sIP);
        p[3] = new SqlParameter("@LoginID", sLoginID);
        if (_DB.getDataTable("SP_checkAdminLevel", p).Rows.Count > 0) return true;
        return false;
    }
    public static bool checkUserPermission(string strUserName,string strAdminLevel,string strIP,string strLoginID,string strGroupUser,string strURL,int permissionLevel)
    {
        if (currentLogin(strUserName, strIP, strLoginID))
        {
            if (checkAdmin(strUserName, strAdminLevel, strIP, strLoginID, strGroupUser)) return true;

            string[] str = strURL.Split('/');
            SqlParameter[] p = new SqlParameter[4];
            p[0] = new SqlParameter("@AdminUser", strUserName.Trim());
            p[1] = new SqlParameter("@FunctionLevel", permissionLevel);
            p[2] = new SqlParameter("@URL", "%"+str[str.Length-1]+"%");
            p[3] = new SqlParameter("@SecurityCode", bzStringClass.MD5(strGroupUser + AdminFunction_AdminGroupUser.Code));

            if (_DB.getDataTable("SP_checkPerrmision",p).Rows.Count > 0) return true;
        }
        return false;
    }
}
